{"title":"Classifying Software Vulnerabilities by Using the Bugs Framework","authors":"T. M. Adhikari, Y. Wu","doi":"10.1109/ISDFS49300.2020.9116209","DOIUrl":null,"url":null,"abstract":"Software vulnerabilities, specific type of software bugs, are defined as occurrences of a software weakness, which can be exploited by an agent to cause various consequences such as modifying or accessing unintended data. Identifying and fixing software vulnerabilities thus plays an important role in software security and software engineering. A reliable body of knowledge on categories of vulnerabilities is critical to identify software vulnerabilities. In this paper, we use data-mining techniques to identify software vulnerabilities, classify them into different categories by using the Bugs Framework proposed by the National Institute of Standards and Technology (NIST), and design a model to predict the weakness of future vulnerabilities. Knowledge about vulnerability types helps software engineers save time and energy, develop programs by avoiding security vulnerabilities, and program with precaution.","PeriodicalId":221494,"journal":{"name":"2020 8th International Symposium on Digital Forensics and Security (ISDFS)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 8th International Symposium on Digital Forensics and Security (ISDFS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISDFS49300.2020.9116209","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4
Abstract
Software vulnerabilities, a specific type of software bug, are defined as occurrences of a software weakness, which can be exploited by an agent to cause various consequences such as modifying or accessing unintended data. Identifying and fixing software vulnerabilities thus plays an important role in software security and software engineering. A reliable body of knowledge on categories of vulnerabilities is critical to identifying software vulnerabilities. In this paper, we use data-mining techniques to identify software vulnerabilities, classify them into different categories by using the Bugs Framework proposed by the National Institute of Standards and Technology (NIST), and design a model to predict the weakness of future vulnerabilities. Knowledge about vulnerability types helps software engineers save time and energy, develop programs by avoiding security vulnerabilities, and program with precaution.